Samba and a crypto library

Jeremy Allison jra at samba.org
Wed Nov 18 16:42:32 UTC 2015


On Wed, Nov 18, 2015 at 08:03:31AM +0100, Andreas Schneider wrote:
> On Tuesday 17 November 2015 18:02:33 Andreas Schneider wrote:
> > Hello,
> > 
> > I'm currently working on migrating our MS-BRKP implementation to GnuTLS to
> > get rid of the Heimdal dependency for MIT Kerberos support. I've already
> > migrated everything which is certificate related to GnuTLS. However there
> > are SHA and HMAC functions which are still used from Heimdal.
> > 
> > To do this I would like to add a dependency to a crypto library. As we are
> > already using GnuTLS for some parts of the code, I would like to use GNU
> > Nettle for the low level crypto stuff. GnuTLS depends on libnettle for the
> > low level crypto.
> > 
> > https://www.lysator.liu.se/~nisse/nettle/nettle.html
> > 
> > https://git.lysator.liu.se/nettle/nettle
> > 
> > The license is LGPLv3, GPLv2 and GPLv3.
> > 
> > The crypto operations are mostly written in assembler and also use cpu
> > optimized versions like aesni.
> > 
> > It is really up to date and implements state of the art crypto like chacha-
> > poly1305, Curve25519 etc. The development seems active and healthy.
> > 
> > If we agree I would also suggest not only to use it for MS-BRKP but also
> > replace lib/crypto in future.
> > 
> 
> Ok, then I will go ahead. I guess people will start to discuss and complain as 
> soon as I remove lib/crypto ;)

I took a look at it and it seemed fine :-). Just didn't
get a chance to reply. Does it integrate with crypto-offload
engines?


